Cloud security auditing: Challenges and emerging approaches

Jungwoo Ryoo, Syed S. Rizvi, William Aiken, John Kissell

Research output: Contribution to journalArticle

23 Scopus citations

Abstract

IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

Original languageEnglish (US)
Article number6662349
Pages (from-to)68-74
Number of pages7
JournalIEEE Security and Privacy
Volume12
Issue number6
DOIs
StatePublished - Nov 1 2014

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Law

Cite this